We received some reports about spikes on port 10000. The main reason for that is the release of the exploit for Veritas, and used by the Metasploit Framework, as Marc wrote in yesterday´s diary.

An excerpt of the exploit is bellow:

'RHOST' => [1, 'ADDR', 'The target address'],

'RPORT' => [1, 'PORT', 'The target port', 10000],

One of our readers also sent an interesting note about the usage of the new Veritas Exploit:"...So, it seems this exploit is crashing the service listening on port 10000. If sysadmins know they have backup exec installed and they scan the system they will see port 6101 and 10000 normally. After the exploit it will show only the port 6101 still listening."

Geek Wall art

I would like to thank all SANS ISC readers that sent some really interesting(and funny) ideas for Marc´s request in yesterday´s diary!

Bellow is a collection of links and posters ideas: (Thanks guys, and...I want to believe too...)

On my own room, I have SANS roadmap posters, Foundry IPv6 poster, Tripwire vulnerability Matrix posters and, the best soccer team in South America(ok, thats my opinion), Flamengo.

Portuguese Language Community

This week I received a link of a website about security in Portuguese language , it is called Linha Defensiva ( http://linhadefensiva.uol.com.br/ ). I would suggest you a try, if you can understand portuguese.

Another one for the Brazilian community, I will be presenting SANS ISC in a conference in Sao Paulo, from the Brazilian Network Security Workgroup, on July 5th ( http://eng.registro.br/gts/ ).